191 matches found

CVE
added 2023/01/20 12:00 a.m., 93 views

CVE-2022-43959

The CVE-2022-43959 entry concerns 1C-Bitrix Bitrix24 (through version 22.200.200) with an issue in AD/LDAP server settings where credentials are insufficiently protected. The root cause is exposure of an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit....

CVSS 4.9, AI score 5.4, EPSS 0.01013
Exploits 1, References 3, Affected software 1
CNNVD
added 2023/01/20 12:00 a.m., 2 views

Bitrix24 information disclosure vulnerability

Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM Customer Relationship Management. A security vulnerability exists in 1C-Bitrix Bitrix24 version 22.200.200 and prior versions, which stems...

CVSS 4.9, AI score 5.5, EPSS 0.01013
Exploits 1, References 4
Positive Technologies
added 2023/01/20 12:00 a.m., 5 views

PT-2023-1981

Name of the vulnerable software and affected versions: 1C-Bitrix Bitrix24 versions through 22.200.200. Description: the issue is related to insufficient protection of registration data in the AD/LDAP server settings, allowing a remote attacker to gain unauthorized access to protected information. Th...

CVSS 4.9, AI score 5.4, EPSS 0.01013
Exploits 1, References 10
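The three entries above describe the same defect: a settings edit page that wrote the stored AD/LDAP bind password into its own page source, where anyone allowed to open the form could read it. The usual fix is to never echo a stored secret into a form at all: show a fixed sentinel in the password field and, on submit, replace the stored value only when the client sent something other than that sentinel. The following is an added example of that pattern in Python; it is not Bitrix code, and the in-memory settings dictionary, field names and sentinel string are assumptions for illustration.

```python
"""Credential edit form that never echoes the stored secret (added example)."""
import html

SENTINEL = "********"  # what the browser shows in the password box; never the real value

# Constructed settings row (assumption: stands in for a database record).
LDAP_SETTINGS = {
    "server": "ldap://dc1.corp.example",
    "bind_dn": "cn=svc-ldap,ou=service,dc=corp,dc=example",
    "bind_password": "s3cr3t-bind-pw",
}

PLAIN_FIELDS = ("server", "bind_dn")


def render_form(settings: dict) -> str:
    """Return the edit form HTML. The stored bind password never reaches the output."""
    inputs = []
    for key in PLAIN_FIELDS:
        inputs.append(f'<input name="{key}" value="{html.escape(settings.get(key, ""))}">')
    # Show the sentinel if a password is set, an empty box if not; never the value itself.
    shown = SENTINEL if settings.get("bind_password") else ""
    inputs.append(
        f'<input type="password" name="bind_password" value="{shown}" autocomplete="new-password">'
    )
    return '<form method="post">' + "".join(inputs) + "</form>"


def apply_update(settings: dict, form: dict) -> dict:
    """Merge a submitted form into settings, keeping the old secret unless it was changed.

    The sentinel coming back unchanged means "leave the password alone"; an empty
    string clears it; anything else replaces it.
    """
    updated = dict(settings)
    for key in PLAIN_FIELDS:
        if key in form:
            updated[key] = form[key]
    submitted = form.get("bind_password", SENTINEL)
    if submitted != SENTINEL:
        updated["bind_password"] = submitted
    return updated


if __name__ == "__main__":
    page = render_form(LDAP_SETTINGS)
    print(page)
    print("secret leaked:", LDAP_SETTINGS["bind_password"] in page)
    print(apply_update(LDAP_SETTINGS, {"server": "ldap://dc2.corp.example", "bind_password": SENTINEL}))
```

One caveat with the sentinel approach: a user who deliberately types the sentinel string as the new password will have the change ignored, so production code usually pairs the sentinel with an explicit "change password" checkbox or a per-form nonce rather than a fixed string.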
Packet Storm
added 2022/05/11 12:00 a.m., 449 views

Bitrix24 Remote Code Execution

Exploit Title: Bitrix24 - Remote Code Execution RCE Authenticated. Date: 4/22/2022. Exploit Author: picaroo. Vendor Homepage: https://www.bitrix24.com/apps/desktop.php. Tested on: Linux os /usr/bin/env python Created by heinjame import requests import re from bs4 import BeautifulSoup import...

AI score 7.4
Exploits 0
0day.today
added 2022/05/11 12:00 a.m., 175 views

Bitrix24 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Bitrix24 - Remote Code Execution RCE Authenticated. Date: 4/22/2022. Exploit Author: picaroo. Vendor Homepage: https://www.bitrix24.com/apps/desktop.php. Tested on: Linux os /usr/bin/env python Created by heinjame import requests import re from bs4 import BeautifulSoup import...

AI score 0.3
Exploits 0
Exploit DB
added 2022/05/11 12:00 a.m., 332 views

Bitrix24 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Bitrix24 - Remote Code Execution RCE Authenticated. Date: 4/22/2022. Exploit Author: picaroo. Vendor Homepage: https://www.bitrix24.com/apps/desktop.php. Tested on: Linux os /usr/bin/env python Created by heinjame import requests import re from bs4 import BeautifulSoup import...

AI score 7
Exploits 0
BDU FSTEC
added 2021/06/16 12:00 a.m., 2 views

A vulnerability in the arParams[API_KEY] parameter of the map.google component of the Bitrix24 service allows an attacker to execute arbitrary JavaScript code.

The vulnerability in the arParams[API_KEY] parameter of the map.google component of the Bitrix24 business management service exists due to insufficient validation of input data. Exploiting it could allow a remote malicious actor to execute arbitrary JavaScript code...

CVSS 9.8, AI score 5.8
Exploits 0, References 1, Affected software 1
OSV
added 2020/12/02 7:15 p.m., 2 views

CVE-2020-28206

An issue was discovered in Bitrix24 Bitrix Framework 1c site management 20.0. An "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows...

CVSS 6.5, AI score 6.5, EPSS 0.01126
Exploits 1, References 1
NVD
added 2020/12/02 7:15 p.m., 10 views

CVE-2020-28206

An issue was discovered in Bitrix24 Bitrix Framework 1c site management 20.0. An "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows...

CVSS 6.5, AI score 6.5, EPSS 0.01126
Exploits 1, References 1
Prion
added 2020/12/02 7:15 p.m., 16 views

Authentication flaw

An issue was discovered in Bitrix24 Bitrix Framework 1c site management 20.0. An "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows...

CVSS 4, AI score 6.4, EPSS 0.01126
Exploits 1, References 1, Affected software 1
Cvelist
added 2020/12/02 6:34 p.m., 20 views

CVE-2020-28206

An issue was discovered in Bitrix24 Bitrix Framework 1c site management 20.0. An "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows...

AI score 6.5, EPSS 0.01126
Exploits 1, References 1
CVE
added 2020/12/02 6:34 p.m., 81 views

CVE-2020-28206

The CVE-2020-28206 entry describes a vulnerability in Bitrix24 Bitrix Framework (1c site management) version 20.0 where a flaw in the admin login form allows user enumeration of administrator-group accounts and enables brute-force attempts on passwords for users not in the administrator group. Th...

CVSS 6.5, AI score 6.4, EPSS 0.01126
Exploits 1, References 1, Affected software 1
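The CVE-2020-28206 entries above describe a login form whose behaviour depends on the account: administrator-group users can be told apart from other users, and accounts outside that group can be brute-forced without limit. The property a login handler should enforce is that the response (and, as far as practical, the response time) is the same for an unknown login, a known login with a wrong password and a locked-out login, and that the failure budget applies to every account regardless of group. The following is an added example of such a handler in Python; it is not Bitrix code, and the in-memory user store, the PBKDF2 parameters and the lockout thresholds are assumptions chosen for illustration.

```python
"""Uniform-failure login with per-account/per-source throttling (added example)."""
import hashlib
import hmac
import os
import time

PBKDF2_ITERS = 100_000   # assumption: tune to your hardware
MAX_FAILURES = 5         # assumption: failures allowed per (login, client_ip)
LOCK_SECONDS = 900       # assumption: lockout window
GENERIC_ERROR = "Invalid login or password"


def hash_password(password: str, salt: bytes = b""):
    """Return (salt, pbkdf2_hash); a fresh random salt is drawn when none is given."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)


# Constructed user store: login -> (salt, hash, groups). Both an administrator and
# an ordinary employee are present so the test can show they are treated alike.
USERS = {
    "admin": (*hash_password("correct horse"), {"administrators"}),
    "alice": (*hash_password("battery staple"), {"employees"}),
}
# Dummy credential used to spend the same PBKDF2 cost on unknown logins.
_DUMMY_SALT, _DUMMY_HASH = hash_password("never-matches")


class Throttle:
    """Counts failures per (login, client_ip); the same budget for every account."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = {}  # key -> (count, timestamp of first failure)

    def blocked(self, key) -> bool:
        count, since = self.failures.get(key, (0, 0.0))
        if count < MAX_FAILURES:
            return False
        if self.clock() - since < LOCK_SECONDS:
            return True
        self.failures.pop(key, None)  # window expired, start fresh
        return False

    def record_failure(self, key):
        count, since = self.failures.get(key, (0, self.clock()))
        self.failures[key] = (count + 1, since)

    def reset(self, key):
        self.failures.pop(key, None)


def login(login_name: str, password: str, client_ip: str, throttle: Throttle) -> dict:
    """Authenticate and return {'ok': bool, ...}; every failure looks identical."""
    key = (login_name.lower(), client_ip)
    record = USERS.get(login_name)
    # Always run PBKDF2 so that an unknown login costs the same as a known one.
    salt, stored = (record[0], record[1]) if record else (_DUMMY_SALT, _DUMMY_HASH)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)
    password_ok = record is not None and hmac.compare_digest(candidate, stored)
    if throttle.blocked(key):
        # Lockout is not reported separately: the message would leak that the
        # account exists and that the budget was exhausted.
        return {"ok": False, "error": GENERIC_ERROR}
    if not password_ok:
        throttle.record_failure(key)
        return {"ok": False, "error": GENERIC_ERROR}
    throttle.reset(key)
    return {"ok": True, "groups": sorted(record[2])}


if __name__ == "__main__":
    t = Throttle()
    print(login("admin", "wrong", "203.0.113.7", t))
    print(login("ghost", "wrong", "203.0.113.7", t))
    print(login("admin", "correct horse", "203.0.113.7", t))
```

Note what the handler deliberately does not do: it does not skip the hash computation for unknown users, does not mention lockout in the response, and does not consult group membership until after the password check has succeeded, so group membership cannot influence any observable failure path.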
CNVD
added 2020/06/28 12:00 a.m., 10 views

Bitrix24 Code Issue Vulnerability

Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM Customer Relationship Management. A code issue vulnerability exists in Bitrix24 version 20.0.975 and prior versions. The vulnerability stems...

CVSS 9.8, AI score 7.1, EPSS 0.02028
Exploits 1, References 1
CNVD
added 2020/06/28 12:00 a.m., 7 views

Bitrix24 Web Application Firewall Cross-Site Scripting Vulnerability

Bitrix24 is a suite of enterprise social platforms from Bitrix, USA. The platform includes features such as online communication, calendar management and CRM (Customer Relationship Management). Web Application Firewall is one of the platform's web application firewall modules. A cross-site scripting vulnerability...

CVSS 6.1, AI score 6.2, EPSS 0.04511
Exploits 1, References 1
OSV
added 2020/06/24 3:15 p.m., 2 views

CVE-2020-13484

Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing 'meta name="og:image" content="' followed by an intranet URL...

CVSS 9.8, AI score 7.3, EPSS 0.02028
Exploits 1, References 1
OSV
added 2020/06/24 3:15 p.m., 4 views

CVE-2020-13483

The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI...

CVSS 6.1, AI score 6.4
Exploits 0, References 1
NVD
added 2020/06/24 3:15 p.m., 16 views

CVE-2020-13484

Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing 'meta name="og:image" content="' followed by an intranet URL...

CVSS 9.8, EPSS 0.02028
Exploits 1, References 1
NVD
added 2020/06/24 3:15 p.m., 11 views

CVE-2020-13483

The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI...

CVSS 6.1, EPSS 0.04511
Exploits 1, References 1
Prion
added 2020/06/24 3:15 p.m., 18 views

Cross site scripting

The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI...

CVSS 4.3, AI score 5.9, EPSS 0.04511
Exploits 1, References 1, Affected software 1
Prion
added 2020/06/24 3:15 p.m., 17 views

Design/Logic Flaw

Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing 'meta name="og:image" content="' followed by an intranet URL...

CVSS 7.5, AI score 9.3, EPSS 0.02028
Exploits 1, References 1, Affected software 1
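The CVE-2020-13484 entries above describe a two-hop SSRF: the URL handed to the link-preview endpoint points at a public host, but the HTML served there carries an og:image meta tag whose content is an intranet URL, and a previewer that validated only the first URL fetches the second one blindly. The defensive pattern is to run one address check, after DNS resolution, on every URL the previewer is about to connect to, including URLs it discovers inside fetched content. The following is an added example of that guard in Python; it is not Bitrix code. DNS and HTTP are replaced by injectable callables (an assumption made so it runs offline), and the hostnames, addresses and HTML fixtures are constructed for the example.

```python
"""Two-hop SSRF guard for a link-preview fetcher (added example, not Bitrix code)."""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class PreviewError(Exception):
    pass


def is_public_address(ip_text: str) -> bool:
    """True only for addresses routable on the public internet."""
    ip = ipaddress.ip_address(ip_text)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def check_url(url: str, resolve) -> str:
    """Return the IP to connect to if `url` may be fetched, else raise PreviewError.

    `resolve(hostname) -> list[str]` stands in for DNS (assumption). IP literals
    are judged directly, so a bare 10.0.0.5 in a URL never reaches the resolver.
    """
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise PreviewError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise PreviewError("missing host")
    try:
        addrs = [str(ipaddress.ip_address(parts.hostname))]
    except ValueError:
        addrs = resolve(parts.hostname)
    if not addrs:
        raise PreviewError(f"unresolvable host {parts.hostname!r}")
    # Every answer must be public: a mixed public/private answer set is a
    # rebinding trick, so a single bad record rejects the whole URL.
    for addr in addrs:
        if not is_public_address(addr):
            raise PreviewError(f"{url} resolves to non-public address {addr}")
    return addrs[0]


class _OgImage(HTMLParser):
    """Collects the first og:image meta tag (either name= or property= form)."""

    def __init__(self):
        super().__init__()
        self.og_image = None

    def handle_starttag(self, tag, attrs):
        if tag != "meta" or self.og_image is not None:
            return
        attr = dict(attrs)
        key = (attr.get("property") or attr.get("name") or "").lower()
        if key == "og:image" and attr.get("content"):
            self.og_image = attr["content"]


def extract_og_image(html_text: str):
    parser = _OgImage()
    parser.feed(html_text)
    return parser.og_image


def preview(url: str, fetch, resolve) -> dict:
    """Fetch `url`, then its og:image, vetting each address before connecting.

    `fetch(url, ip) -> str` is expected to connect to the vetted `ip` and send
    the original Host header, so the address that was checked is the one used.
    """
    ip = check_url(url, resolve)
    image = extract_og_image(fetch(url, ip))
    result = {"url": url, "image": None}
    if image:
        image_url = urljoin(url, image)
        image_ip = check_url(image_url, resolve)  # second hop gets the same check
        result["image"] = image_url
        result["image_bytes"] = fetch(image_url, image_ip)
    return result


# Constructed offline fixtures standing in for DNS and HTTP.
FAKE_DNS = {"example.com": ["93.184.216.34"], "intranet.corp": ["10.0.0.5"]}
FAKE_PAGES = {
    "https://example.com/evil": '<html><head><meta name="og:image" '
                                'content="http://10.0.0.5/admin/secret.png"></head></html>',
    "https://example.com/good": '<html><head><meta property="og:image" '
                                'content="/logo.png"></head></html>',
    "https://example.com/logo.png": "PNGDATA",
}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])


def fake_fetch(url, ip):
    return FAKE_PAGES[url]


def demo() -> dict:
    """Run the three cases and return what the previewer reports for each."""
    out = {}
    for u in ("https://example.com/good", "https://example.com/evil", "http://intranet.corp/"):
        try:
            out[u] = preview(u, fake_fetch, fake_resolve)["image"]
        except PreviewError as err:
            out[u] = f"blocked: {err}"
    return out


if __name__ == "__main__":
    for target, outcome in demo().items():
        print(target, "->", outcome)
```

The check is applied to the resolved addresses rather than to the URL string because hostname denylists miss DNS names that resolve to internal ranges, and it is re-applied to the og:image URL because that URL is attacker-controlled content, not user input that was already validated. A real fetcher should also pin the connection to the vetted IP, cap redirects (re-checking each target) and bound response size and time.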